Global food delivery service suffers a data breach.
05 September 2022 BREACHAWARE HQ
A total of 11 breach events were found and analysed, resulting in 10,586,776 exposed accounts containing a total of 12 different types of personal data. The breaches found publicly and freely available included Start, Kaixin001, DoorDash, Apache Clips and IT Sense.
Categories of Personal Data Discovered
Contact Data, Technical Data, Behavioural Data, Locational Data, Socio-Demographic Data.
Data Breach Analysis
DoorDash, a major food delivery platform that handles sensitive user and transaction data. Exposure here can lead to account hijacking, payment fraud, or impersonation attacks if delivery history, addresses, or payment methods were included in the leak.
Kaixin001, a popular Chinese social networking site. While its global footprint may be limited, its inclusion highlights the international scope of data breaches and the vulnerabilities of legacy platforms that may no longer receive regular security updates.
Apache Clips, a user-generated content platform focused on military videos. Exposure from such platforms may carry social and reputational risks, especially for individuals affiliated with armed forces or governmental organisations.
Start and IT Sense, lesser-known services, possibly linked to regional tech, news, or educational content. Data from such platforms, while less sensational, often contains email addresses, usernames, and hashed passwords, making them valuable for credential stuffing attacks on more secure platforms.
The common thread across all these events is the potential for cross-platform exploitation. Even when data types seem basic, such as login credentials or names, they become dangerous when aggregated or reused across other services.
From a user perspective, these breaches underscore the importance of strong, unique passwords for each service, awareness of where personal information is stored, and active monitoring for phishing attempts or suspicious login activity.
From an organisational viewpoint, these events highlight how past or forgotten breaches can resurface to cause renewed harm. Transparency with users, timely disclosure, and proactive security hygiene are critical to limiting damage and restoring trust.
While each breach varies in severity and profile, the combined figure of over 10.5 million exposed accounts reinforces the ongoing need for robust data stewardship, especially in an environment where breached information can circulate indefinitely and with global reach.
Spotlight
A US food delivery service that operates all over the world, from Mexico to Japan, has unfortunately suffered a data breach. The company engages with its users via its official app, which can be found on iOS or Android. Over a hundred thousand unique email addresses and a range of datasets, including payment method and physical address, were in the breach data. On the bright side, no dietary preferences were disclosed, so at least the team didn't have to dig through the gluten-free vegan section.
Well, after that section, I'm sure you're on the edge of your seat because...
A derriere furniture manufacturer who pride themselves on their innovation and design solutions has had a section of their user base dumped online, and it is now in circulation among threat actors. A member of the team picked up a file containing usernames, email addresses, and MD5-hashed passwords. There has been no comment from the company in question regarding the breach that we could find.
As I'm sure you're well aware, LastPass had a security incident last week. A threat actor gained access to a dev account and accessed some portions of source code and some proprietary LastPass technical information. As you'd expect, LastPass appear to be handling the situation competently, with transparent updates directly from CEO Karim Toubba. Read more here: https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/
And finally, Samsung has confirmed that a security incident that took place in early August has resulted in certain customers' personal information being compromised. Read more directly from the horse's mouth here: https://www.samsung.com/us/support/securityresponsecenter/